CVE-2018-20712

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.
Group Package Affected Fixed Severity Status Ticket
AVG-832 binutils 2.31.1-4 2.32-1 High Fixed
Date Advisory Group Package Severity Description
04 Jun 2019 ASA-201906-3 AVG-832 binutils High multiple issues
References
http://www.securityfocus.com/bid/106563
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
https://sourceware.org/bugzilla/show_bug.cgi?id=24043